TNW Sites

Apple releases Java update for OS X to protect users against vulnerability used in its hacking

Apple has today released an update for Mac OS X users that delivers improved security for those that are running Java on their machines. This update repairs a vulnerability used to hack into Apple employees’ systems.

The update is available under the Software Update section in the Mac App Store or under the Apple menu>Software Update. The patch updates Java to version 1.6.0_41, and if the version of Java for OS X is lower than 2012-006, the Java SE 6 plug-in is blocked entirely.

Here is the Apple update on this patch:

This release updates the Apple-provided system Java SE 6 to version 1.6.0_41 and is for OS X versions 10.7 or later.

This update uninstalls the Apple-provided Java applet plug-in from all web browsers. To use applets on a webpage, click on the region labeled “Missing plug-in” to go download the latest version of the Java applet plug-in from Oracle.

This update also removes the Java Preferences application, which is no longer required to configure applet settings.

Here’s the security information, which confirms that this update fixes the sandboxing vulnerability exploited by the hackers. It’s worth noting that these issues were addressed for OS X 10.6 several weeks ago, but remained for 10.7 and 10.8 until today:

Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues were addressed by updating to Java version 1.6.0_41. For Mac OS X v10.6 systems, these issues were addressed in Java for Mac OS X v10.6 Update 13.